Little Green Light®
Privacy Policy
This Privacy Policy describes how Little Green Light (“Little Green Light” or “LGL”) collects, processes, shares and protects Personal Information when users interact with the Little Green Light donor management service for nonprofit organizations (“NPO”), the LGL Forms service, the LGL Community, the content that Little Green Light publishes such as webinars, blog posts, email and e-books, and any related services provided by Little Green Light, LLC and this website. (collectively the “Service”). For purposes of this Privacy Policy, Personal Information means information or data relating to an identified or identifiable natural person and may include identifiers such as names, email addresses, IP addresses and similar data. LGL does not currently allow accounts to be created for entities subject to EU or UK laws, but the provisions below may apply to individual Users based in those jurisdictions.
Data Protection and Confidentiality
Little Green Light has appropriate safeguards and processes in place to protect Personal Information and to help ensure that Personal Information remains secure and confidential. All Little Green Light employees and contractors who we grant access to any Personal Information are bound by confidentiality agreements, which bind them to take all reasonable precautions to prevent any unauthorized use or disclosure of confidential information and Personal Information. If a Little Green Light customer or prospective customer contracts with a consultant to help the NPO with the NPO’s LGL Account, the NPO’s relationship with the consultant will be governed by the NPO’s contractual and privacy agreements with the consultant. That being so, the consultant’s use of the Service and access to Personal Information within the NPO’s LGL Account will be subject to the LGL Terms of Service and this Privacy Policy.
LGL will only maintain Personal Information for as long as necessary to achieve the purpose for which it was collected.
Data Little Green Light Collects
Except as provided below, NPOs provide the Service with Personal Information from their organizations and their team members (“Users”). This data is provided by the NPOs solely to enable the use of the Services as set forth in the LGL Terms of Service. This data includes:
a) Information about the NPO and Users or organizations affiliated with the NPO who are evaluating, researching, purchasing, or using the Service. In this case, Little Green Light acts as a “Controller.” (A controller determines the purposes and means of processing personal data.) This includes NPO contact information (such as individual name, organization name and email address provided to the Service by the NPO) whenever a NPO subscribes to email subscriptions, e-books, or webinars or when a User communicates with Little Green Light.
b) When the NPO signs up and registers to use the Service, Little Green Light collects basic contact information (user names, organization name, physical address, email address, and billing information from the NPO.)
c) Information about individuals and organizations the NPO provides to the Service (“Constituents”) within the NPO’s Little Green Light account (the “NPO’s LGL Account”). For this data, Little Green Light acts as a “Processor” and the NPO acts as a Controller. (A processor is responsible for processing personal data on behalf of a controller.)
d) Information Users or visitors to the website provide to Little Green Light such as answers to forms, requests for information, support requests and the like. This information is collected in order to further LGL’s legitimate business interests (and the desires of the individuals providing the information) and to provide the Services.
e) The LGL website uses, and we sometimes allow third-parties to use, technologies such as cookies, beacons, pixels, tags, and similar technologies to collect certain technical information from you automatically. If you want to understand how these technologies work, there is much information on the internet. However, the main thing to know is that these are bits of computer code that enable companies like us to collect or receive information from your visits to the Websites or your interactions with our emails, and in some cases, store identifiers or other information on your device.
f) The LGL Service is not designed for, nor do we knowingly collect information from, any person under the age of 16.
g) With respect to data provided by the NPO, as between the NPO and LGL, the NPO remains the sole owner of such data.
Use and Sharing of Personal Information
Little Green Light uses Personal Information solely for the following purposes:
i.To make available and deliver the Service;
ii. Billing, identification and authentication;
iii. Services improvement, communication, internal research, and product development.
Little Green Light does not share Personal Information with or to other organizations for commercial purposes, except to provide the Service, or under the following circumstances:
i. As necessary to share Personal Information to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.
ii. Little Green Light may disclose Personal Information (including personally identifiable information within the Personal Information) under special circumstances, such as to comply with lawful requests and subpoenas by public authorities, including to meet national security or law enforcement requirements. Unless Little Green Light is prohibited by law from doing so, Little Green Light will notify the NPO in advance of the disclosure to give the NPO an opportunity to object to the disclosure before the tribunal or agency requesting the disclosure.
iii. Little Green Light will transfer Personal Information if Little Green Light is acquired by or merged with another company, or if all or substantially all of Little Green Light’s assets are transferred to an acquiring party. In this event, Little Green Light will notify the NPO before the Personal Information is transferred and becomes subject to a different privacy policy.
iv. With the data subject’s or User’s consent.
Little Green Light does not sell any data it collects from the NPO or that it otherwise collects or processes in providing the Services.
Cookies
A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to the NPO’s LGL Account User’s browser from a website’s hosting computer and stored on the User’s computer or device.
For visitors to the Little Green Light public website (www.littlegreenlight.com), Little Green Light may employ cookies for “remarketing” ads via third-parties such as Google. Learn more about managing Google ad preferences on Google’s Ads Preferences Manager page.
Cookies are required to use the Service. Little Green Light uses cookies to record current session information, including authentication and page display preferences, but Little Green Light does not use permanent cookies. Little Green Light also uses cookies to require Users to log in to the NPO’s LGL Account after a certain period of time has elapsed to protect against others accidentally accessing the NPO’s LGL Account.
Third-Party Software
Little Green Light uses a number of third-party software providers to process Personal Information and to provide the Service, and to manage communication channels with the NPO (each a “Subprocessor”). Little Green Light is the sole agreement holder with these third-party agents, and Little Green Light ensures that it has sufficient agreements in place with such Subprocessors to protect Personal Information, including any personal or sensitive Personal Information, to meet our Terms of Service and this Privacy Policy.
The Service also includes integrated services provided by third-parties for which NPOs need their own account. In these cases, the data handled by these third-party services is covered by the third-party’s terms of service and privacy policy.
Little Green Light maintains a list of Subprocessors, which is available in the NPO’s LGL account. If Little Green Light wants to add or change Subprocessors, Little Green Light will update that list at least 30 days prior to making any change. The NPO may reasonably object to any such change by notifying Little Green Light. With any objection, Little Green Light will not share NPO Personal Information unless and until the objection is resolved. If the Services cannot be reasonably provided without the use of the new Subprocessor, the NPO may terminate its account.
Right to Access, Correct and Delete
If a User of the Service is an individual residing in the EU, UK or Switzerland, then in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), the User has the right to access and correct any personal data and Sensitive Information that Little Green Light collected from or about the User. Users also have the right to delete any information that has been handled in violation of the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. To exercise these rights, contact us at: privacy@littlegreenlight.com.
Note to Constituents (data subjects): EU, UK and Swiss individuals have the right to access their personal data that is stored within the Personal Information, and to limit use and disclosure of their personal data that is stored within the Personal Information. With Little Green Light’s participation in the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, Little Green Light has committed to respect these rights. Because each NPO is the Controller of its Personal Information, if you are an EU, UK or Swiss individual and wish to request access to your personal data that is stored in an organization’s Little Green light account, or wish to limit the use or disclosure of that data, please contact the organization who serves as the Controller of your personal data. Or, you can contact Little Green Light at privacy@littlegreenlight.com and provide the name of the NPO who submitted your data to the Service. Little Green Light will refer your request to that NPO, and will support the NPO’s response to the request.
Changes
Little Green Light may periodically update this Privacy Policy. Little Green Light will notify the NPO about significant changes to this Privacy Policy by sending an email notice to the email address for the primary contact specified in the NPO’s LGL Account. Other changes may be documented by placing a prominent notice on the website or the Service or by changing the Effective Date at the top of this Policy.
Data Privacy Framework
Little Green Light complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the US Department of Commerce. Little Green Light has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Little Green Light has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Little Green Light’s accountability for personal data that it receives in the United States under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF and subsequently transfers to a third-party is described in the DPF Principles. In particular, Little Green Light remains responsible and liable under the DPF Principles if a third-party agent that Little Green Light engages to process personal data on its behalf does so in a manner inconsistent with the DFP Principles, unless Little Green Light proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Little Green Light commits to resolve privacy complaints and complaints about Little Green Light’s collection or use of your personal information transferred to the United States pursuant to the EU-U.S. DPF, the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Little Green Light at: privacy@littlegreenlight.com.
Little Green Light has further committed to refer DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
Any questions about this Privacy Policy should be addressed to privacy@littlegreenlight.com.